Search This Blog

Tuesday, June 28, 2005

Watch out for this eBay fraud technique


NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
06/28/05
Today's focus: Watch out for this eBay fraud technique

Dear security.world@gmail.com,

In this issue:

* Stephen Cobb describes how someone tried to dupe him
* Links related to Security
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by McAfee(r)

Cyber-criminals are targeting the PCs of small businesses.
That's the word according to a recent article from independent
researchers, the Yankee Group. To learn what they recommended
for protection, get the article for yourself-courtesy of
McAfee(r), the proven security experts. No registration
required.
http://www.fattail.com/redir/redirect.asp?CID=106812
_______________________________________________________________
See the Best Products First at DEMOfall

Join the leaders September 19-21 at DEMOfall 2005 - where the
brightest minds unveil the most exciting new technology
products. Experience unparalleled innovation, and network with
powerful journalists, analysts, and VCs. Register now!
http://www.fattail.com/redir/redirect.asp?CID=107330
_______________________________________________________________

Today's focus: Watch out for this eBay fraud technique

By M. E. Kabay

Longtime friend and colleague Stephen Cobb sends the following
warning about an auction-related scam ("I" refers to Stephen
throughout and names have been changed to avoid lawsuits):
* * *

In early April, I failed to win an auction for an $800/£420 item
by just a few pounds. The item was listed by someone in South
Gloucestershire, England. I think the listing itself was
entirely legitimate. A few days later I was contacted via eBay
e-mail, supposedly by the seller, saying:

"You expressed interest in Item number 6165275772 by bidding,
however the auction has ended with another member as the high
bidder. In compliance with eBay policy, the seller of that item
is making this Second Chance Offer to you at your bid price of
£415.00. The seller has issued this Second Chance Offer because
the winning bidder was unable to complete the transaction."

However, the name associated with this message, "Dave Alabaz,"
did not seem to match the lister of the item (far722 - but those
names are sometimes obscure). When I contacted Dave via his
Yahoo e-mail address he asked for my mailing address. I felt
this made him sound legit and gave it to him (it is not exactly
a secret) along with an offer to pay him via PayPal. But he
turned this down, telling me to follow instructions in the
message that I would get from eBay.

I did then receive e-mail from aw-confirm@ebay.com stating, "You
have agreed to purchase the following eBay item from far722 on
Mar-29-05." The message asked me to pay through Western Union.
The seller gave me the name and street address of the Western
Union recipient as Patsy Alabaz, in London, not South
Gloucestershire.

Here is some of the e-mail:

"Currently, this seller has a US$ 20,000.00 deposit in an eBay
managed purchase protection account. Transactions with this eBay
seller are covered by purchase protection against fraud and
description errors. For your safety, this account was locked
today, for 30 days time. The seller is unable to withdraw any
money from it, within this period."

This sounded fishy and the source of the HTML message looked
fishy. One disguised link led to a login at Yahoo e-mail! So I
went to the eBay Q&A forum and described this stuff. Everyone
there shouted SCAM!

Presumably this is perpetrated by someone watching the bidding
for a high-end item, then hitting one or more "losers" with
e-mail to their eBay bidding ID, correctly listing their losing
bids and offering to sell them the exact same item. Quite
enticing to a keen buyer, even though logic tells you that the
scammer very definitely does not have the item - we are talking
about serial-numbered items here - it went to the auction
winner.

But of course the weak link in any scam is getting the cash from
the mark, and if this truly is a fraudulent transaction the
scammer seems to be using Patsy Alabaz to get paid (a real
person or an ironic pseudonym?).

There may be another cutout in this scam that allows the scammer
to get the money despite there being no Patsy at that address.
But just in case it was worth pursuing, I passed the information
along to the security folks at eBay. I did not reply to Mr.
Alabaz but I'd like to think that eBay did, and arranged to have
someone from Scotland Yard meet Patsy Alabaz when she went to
collect payment.

The simple lesson is don't fall for Second Chance offers. The
bigger lesson is to think twice about buying big-ticket items
over the Internet. A few days after the "Patsy" incident, I came
across a Kubota tractor legitimately listed for sale on a
tractor dealer's Web site, but fraudulently listed on eBay. The
latter listing used the same photos but offered a much lower
price, payable by money order to an address in Europe. When I
contacted the real owner of the tractor he told me the Secret
Service were already on the case.
* * *

About the Author

A 25-year computer audit and security veteran, Stephen Cobb has
written extensively on these subjects and has founded several
successful computer security companies. He is also an Adjunct
Professor of Information Assurance at Norwich University.

RELATED EDITORIAL LINKS

JavaOne spotlights open source, security
Network World, 06/27/05
http://www.networkworld.com/news/2005/062705-javaone.html?rl

SBC unveils managed IDS service
Network World, 06/27/05
http://www.networkworld.com/news/2005/062705-sbc-ids.html?rl

CA launches security pack for SMB
Network World, 06/27/05
http://www.networkworld.com/news/2005/062705-ca-smb.html?rl
_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.

A Master's degree in the management of information assurance in
18 months of study online from a real university - see
<http://www.msia.norwich.edu/>
_______________________________________________________________
This newsletter is sponsored by McAfee(r)

Cyber-criminals are targeting the PCs of small businesses.
That's the word according to a recent article from independent
researchers, the Yankee Group. To learn what they recommended
for protection, get the article for yourself-courtesy of
McAfee(r), the proven security experts. No registration
required.
http://www.fattail.com/redir/redirect.asp?CID=106813
_______________________________________________________________
ARCHIVE LINKS

Archive of the Security newsletter:
http://www.networkworld.com/newsletters/sec/index.html

Security Research Center:
http://www.networkworld.com/topics/security.html

Instant sign-up for Security News Alert:
http://www.networkworld.com/isusecna

Instant sign-up for Virus & Bug Patch Alert:
http://www.networkworld.com/isubug
_______________________________________________________________
How well do you know your customers?

Accurate customer data directly impacts loyalty and business
planning, yet few companies update data regularly. Experts
address the challenges of ensuring a consistent, coherent
customer view across the enterprise.
http://www.fattail.com/redir/redirect.asp?CID=107331
_______________________________________________________________
FEATURED READER RESOURCE
CALL FOR ENTRIES: 2005 ENTERPRISE ALL-STAR AWARDS

Network World is looking for entries for its inaugural
Enterprise All-Star Awards program. The Enterprise All-Star
Awards will honor user organizations that demonstrate
exceptional use of network technology to further business
objectives. Network World will honor dozens of user
organizations from a wide variety of industries, based on a
technology category. Deadline: July 8. Enter today:
<http://www.networkworld.com/survey/easform.html?net>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments: